Synproxy

From nftables wiki
Revision as of 22:16, 7 April 2021 by Fmyhr (talk | contribs) (Just a stub with example from nftables 0.9.3 release notes. Not ready for linking yet!)


table ip foo {

    # Two named synproxy objects, each with the TCP options it offers clients.
    synproxy https-synproxy {
        mss 1460
        wscale 7
        timestamp sack-perm
    }

    synproxy other-synproxy {
        mss 1460
        wscale 5
    }

    chain pre {
        type filter hook prerouting priority raw; policy accept;

        # Do not create conntrack entries for incoming SYNs to the proxied port;
        # synproxy answers them itself.
        tcp dport 8888 tcp flags syn notrack
    }

    chain bar {
        type filter hook forward priority filter; policy accept;

        # Untracked SYNs and the invalid handshake ACKs go to the synproxy
        # object chosen by client source range.
        ct state invalid,untracked synproxy name ip saddr map {
            192.168.1.0/24 : "https-synproxy",
            192.168.2.0/24 : "other-synproxy",
        }
    }
}

Support for using synproxy objects in maps was added in nftables 0.9.3.
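A fuller version of the same per-source dispatch, added here as an example and not taken from the release notes: it scopes the synproxy rule to the protected port and adds the `ct state invalid drop` rule that a working deployment needs after it. The table name `synproxy_demo`, port 443 and the client ranges are assumed values.

```nft
# Added example (assumed names and port); the protected service is reached
# through this host on TCP 443 and the client ranges are constructed.
table ip synproxy_demo {
    synproxy https-synproxy {
        mss 1460
        wscale 7
        timestamp sack-perm
    }

    synproxy other-synproxy {
        mss 1460
        wscale 5
    }

    chain pre {
        type filter hook prerouting priority raw; policy accept;

        # Keep conntrack from creating entries for client SYNs; synproxy
        # replies with its own SYN-ACK carrying a cookie.
        tcp dport 443 tcp flags syn notrack
    }

    chain fwd {
        type filter hook forward priority filter; policy accept;

        # Untracked SYNs and the cookie-bearing ACKs (seen as invalid by
        # conntrack) are handled by the object selected per source range.
        tcp dport 443 ct state invalid,untracked synproxy name ip saddr map {
            192.168.1.0/24 : "https-synproxy",
            192.168.2.0/24 : "other-synproxy",
        }

        # Whatever is still invalid after synproxy has checked it is dropped
        # instead of falling through to the accept policy.
        ct state invalid drop
    }
}
```

Load it with `nft -f <file>` after setting `net.netfilter.nf_conntrack_tcp_loose=0`; with loose tracking enabled, conntrack picks up the mid-stream ACK as a new connection and synproxy never sees it.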